
Diff for /src/usr.bin/ssh/auth-passwd.c between version 1.4 and 1.5

version 1.4, 1999/09/29 22:22:16 version 1.5, 1999/09/30 04:30:03
Line 17 
Line 17 
 #include "includes.h"  #include "includes.h"
 RCSID("$Id$");  RCSID("$Id$");
   
 #ifdef HAVE_SCO_ETC_SHADOW  
 # include <sys/security.h>  
 # include <sys/audit.h>  
 # include <prot.h>  
 #else /* HAVE_SCO_ETC_SHADOW */  
 #ifdef HAVE_ETC_SHADOW  
 #include <shadow.h>  
 #endif /* HAVE_ETC_SHADOW */  
 #endif /* HAVE_SCO_ETC_SHADOW */  
 #ifdef HAVE_ETC_SECURITY_PASSWD_ADJUNCT  
 #include <sys/label.h>  
 #include <sys/audit.h>  
 #include <pwdadj.h>  
 #endif /* HAVE_ETC_SECURITY_PASSWD_ADJUNCT */  
 #include "packet.h"  #include "packet.h"
 #include "ssh.h"  #include "ssh.h"
 #include "servconf.h"  #include "servconf.h"
 #include "xmalloc.h"  #include "xmalloc.h"
   
 #ifdef HAVE_SECURID  
 /* Support for Security Dynamics SecurID card.  
    Contributed by Donald McKillican <dmckilli@qc.bell.ca>. */  
 #define SECURID_USERS "/etc/securid.users"  
 #include "sdi_athd.h"  
 #include "sdi_size.h"  
 #include "sdi_type.h"  
 #include "sdacmvls.h"  
 #include "sdconf.h"  
 union config_record configure;  
 static int securid_initialized = 0;  
 #endif /* HAVE_SECURID */  
   
 #ifdef KRB4  #ifdef KRB4
 extern char *ticket;  extern char *ticket;
 #endif /* KRB4 */  #endif /* KRB4 */
Line 170 
Line 143 
     }      }
 #endif /* KRB4 */  #endif /* KRB4 */
   
 #ifdef HAVE_SECURID  
   /* Support for Security Dynamics SecurId card.  
      Contributed by Donald McKillican <dmckilli@qc.bell.ca>. */  
   {  
     /*  
      * the way we decide if this user is a securid user or not is  
      * to check to see if they are included in /etc/securid.users  
      */  
     int found = 0;  
     FILE *securid_users = fopen(SECURID_USERS, "r");  
     char *c;  
     char su_user[257];  
   
     if (securid_users)  
       {  
         while (fgets(su_user, sizeof(su_user), securid_users))  
           {  
             if (c = strchr(su_user, '\n'))  
               *c = '\0';  
             if (strcmp(su_user, server_user) == 0)  
               {  
                 found = 1;  
                 break;  
               }  
           }  
       }  
     fclose(securid_users);  
   
     if (found)  
       {  
         /* The user has a SecurID card. */  
         struct SD_CLIENT sd_dat, *sd;  
         log("SecurID authentication for %.100s required.", server_user);  
   
         /*  
          * if no pass code has been supplied, fail immediately: passing  
          * a null pass code to sd_check causes a core dump  
          */  
         if (*password == '\0')  
           {  
             log("No pass code given, authentication rejected.");  
             return 0;  
           }  
   
         sd = &sd_dat;  
         if (!securid_initialized)  
           {  
             memset(&sd_dat, 0, sizeof(sd_dat));   /* clear struct */  
             creadcfg();         /*  accesses sdconf.rec  */  
             if (sd_init(sd))  
               packet_disconnect("Cannot contact securid server.");  
             securid_initialized = 1;  
           }  
         return sd_check(password, server_user, sd) == ACM_OK;  
       }  
   }  
   /* If the user has no SecurID card specified, we fall to normal  
      password code. */  
 #endif /* HAVE_SECURID */  
   
   /* Save the encrypted password. */    /* Save the encrypted password. */
   strlcpy(correct_passwd, saved_pw_passwd, sizeof(correct_passwd));    strlcpy(correct_passwd, saved_pw_passwd, sizeof(correct_passwd));
   
 #ifdef HAVE_OSF1_C2_SECURITY  
     osf1c2_getprpwent(correct_passwd, saved_pw_name, sizeof(correct_passwd));  
 #else /* HAVE_OSF1_C2_SECURITY */  
   /* If we have shadow passwords, lookup the real encrypted password from  
      the shadow file, and replace the saved encrypted password with the  
      real encrypted password. */  
 #ifdef HAVE_SCO_ETC_SHADOW  
   {  
     struct pr_passwd *pr = getprpwnam(saved_pw_name);  
     pr = getprpwnam(saved_pw_name);  
     if (pr)  
       strlcpy(correct_passwd, pr->ufld.fd_encrypt, sizeof(correct_passwd));  
     endprpwent();  
   }  
 #else /* HAVE_SCO_ETC_SHADOW */  
 #ifdef HAVE_ETC_SHADOW  
   {  
     struct spwd *sp = getspnam(saved_pw_name);  
     if (sp)  
       strlcpy(correct_passwd, sp->sp_pwdp, sizeof(correct_passwd));  
     endspent();  
   }  
 #else /* HAVE_ETC_SHADOW */  
 #ifdef HAVE_ETC_SECURITY_PASSWD_ADJUNCT  
   {  
     struct passwd_adjunct *sp = getpwanam(saved_pw_name);  
     if (sp)  
       strnlpy(correct_passwd, sp->pwa_passwd, sizeof(correct_passwd));  
     endpwaent();  
   }  
 #else /* HAVE_ETC_SECURITY_PASSWD_ADJUNCT */  
 #ifdef HAVE_ETC_SECURITY_PASSWD  
   {  
     FILE *f;  
     char line[1024], looking_for_user[200], *cp;  
     int found_user = 0;  
     f = fopen("/etc/security/passwd", "r");  
     if (f)  
       {  
         snprintf(looking_for_user, sizeof looking_for_user, "%.190s:",  
           server_user);  
         while (fgets(line, sizeof(line), f))  
           {  
             if (strchr(line, '\n'))  
               *strchr(line, '\n') = 0;  
             if (strcmp(line, looking_for_user) == 0)  
               found_user = 1;  
             else  
               if (line[0] != '\t' && line[0] != ' ')  
                 found_user = 0;  
               else  
                 if (found_user)  
                   {  
                     for (cp = line; *cp == ' ' || *cp == '\t'; cp++)  
                       ;  
                     if (strncmp(cp, "password = ", strlen("password = ")) == 0)  
                       {  
                         strlcpy(correct_passwd, cp + strlen("password = "),  
                                 sizeof(correct_passwd));  
                         break;  
                       }  
                   }  
           }  
         fclose(f);  
       }  
   }  
 #endif /* HAVE_ETC_SECURITY_PASSWD */  
 #endif /* HAVE_ETC_SECURITY_PASSWD_ADJUNCT */  
 #endif /* HAVE_ETC_SHADOW */  
 #endif /* HAVE_SCO_ETC_SHADOW */  
 #endif /* HAVE_OSF1_C2_SECURITY */  
   
   /* Check for users with no password. */    /* Check for users with no password. */
   if (strcmp(password, "") == 0 && strcmp(correct_passwd, "") == 0)    if (strcmp(password, "") == 0 && strcmp(correct_passwd, "") == 0)
     {      {
Line 316 
Line 157 
   xfree(saved_pw_passwd);    xfree(saved_pw_passwd);
   
   /* Encrypt the candidate password using the proper salt. */    /* Encrypt the candidate password using the proper salt. */
 #ifdef HAVE_OSF1_C2_SECURITY  
   encrypted_password = (char *)osf1c2crypt(password,  
                                    (correct_passwd[0] && correct_passwd[1]) ?  
                                    correct_passwd : "xx");  
 #else /* HAVE_OSF1_C2_SECURITY */  
 #ifdef HAVE_SCO_ETC_SHADOW  
   encrypted_password = bigcrypt(password,  
                              (correct_passwd[0] && correct_passwd[1]) ?  
                              correct_passwd : "xx");  
 #else /* HAVE_SCO_ETC_SHADOW */  
   encrypted_password = crypt(password,    encrypted_password = crypt(password,
                              (correct_passwd[0] && correct_passwd[1]) ?                               (correct_passwd[0] && correct_passwd[1]) ?
                              correct_passwd : "xx");                               correct_passwd : "xx");
 #endif /* HAVE_SCO_ETC_SHADOW */  
 #endif /* HAVE_OSF1_C2_SECURITY */  
   
   /* Authentication is accepted if the encrypted passwords are identical. */    /* Authentication is accepted if the encrypted passwords are identical. */
   return (strcmp(encrypted_password, correct_passwd) == 0);    return (strcmp(encrypted_password, correct_passwd) == 0);
